thinkbroadband

The world trade of old unused IPv4 blocks is something we have seen increase
a lot in the last few months and we expect this to continue to increase as IPv4
block exhaustion becomes more acute and is a key reason why Sky is pushing on
with a move towards a dual-stack operation.

IPv6 support has been trialled by Sky staff for a while and it looks set to
move to a wider audience in the form of everyday customers. Our understanding
is that IPv6 addresses will be allocated from a single /56 using DHCPv6 PD with
existing customer routers getting upgrades to handle IPv6 and running an IPv6
firewall (RFC 6092) to provide basic security.

This move by Sky seems to be ahead of the other major UK broadband providers
and fits in with more techie approach that Sky Broadband Pro Unlimited is
providing, such as allowing old Be and O2 customers to tweak their broadband
profile, rather than rely totally on the automatic DLM system.

Comments

Posted by
Tanaka71 about 1 year ago
About time. I only wish all ISPs, especially mobile operators would hurry up and provide IPV6. As a developer who writes a lot of networking apps, being able to use IPV6 would make my job easier. Yes there are workarounds, but that's sometimes to the expense of battery power.

Posted by
David_W about 1 year ago
Hopefully this is a further step along the journey to ubiquitous IPv6 support.

I have to use a 6in4 tunnel for IPv6 as my ISP (Zen) continues to maintain that the consumer demand for IPv6 does not justify the resources needed to provide and support native IPv6.

Until mainstream CPE is ready for IPv6, including the provision of a firewall, few users will take advantage of IPv6 service, also whilst ways are found to limp along with IPv4, including CG-NAT, the average Internet user is content.

It would help if several large ISPs such as Sky added native IPv6 to their standard offering.

Posted by
rhetherington about 1 year ago
They're allocating from a single /56? Are they giving each customer just a single IP?

They should really be assigning at least a /56 per end point! [1]

I agree with David_W that Zen really need to pull their finger out with regards to IPv6. It's been almost 9 years since i first requested it of them and still nothing.

[1] https://tools.ietf.org/html/rfc6177

Posted by
thinkunbiased about 1 year ago
Did you read rfc6177? It says the old recommendation is obsolete and is not their position to make any specific recommendation.

For home/single-small-office that recommendation was a /64

/56 is too small for sky to give /64s but plenty large enough to give excessive IP allocation to every router.
As an example a /96 gives every customer 4B IPs and allows everyone in the world to be a customers 10 times over.

AFAIK /64 remains a single subnet route though. With 256 in /56 this seems to me to be small for the entire country.

Posted by
oliver341 about 1 year ago
Well done Sky. Should have come a lot sooner though, of course. Hopefully this will be a domino effect, once one major ISP implements it, others follow. Other countries seem to have had this effect.

Posted by
DougM about 1 year ago
Sky currently advertises 2a02:0c78::/29, which would allow them to comfortably assign a /56 to each of their customers. I suspect this is what Sky is doing, although the WAN interface will undoubtedly have a single IP it would not be used for NAT.

Anyone NATing IPv6 is seriously missing the point. Security is through stateful firewalling, instead of relying on a by-product of address overloading to limit inbound access.

Posted by
AndrueC about 1 year ago
It might be a by-product of NAT but it's still very effective. A good firewall can defend machines on the LAN from attack but you can't even begin to attack machines hiding behind a NAT device. My laptop is currently connected to the net and there is nothing you can do to attack it.

Posted by
AndrueC about 1 year ago
Back when I was with an ISP that supported IPv6 (IDNet) as soon as I woke my laptop up a friend in the US could ping it once he knew the address. They couldn't do anything else thankfully but I'd hardly call that a step forward in security.

With IPv6 suddenly all your machines are really on the internet whereas they aren't with IPv4. That makes us reliant on the firewall and recent revelations about router security vulnerabilities don't give me a warm feeling.

Posted by
MrToast about 1 year ago
Sky don't do anything without a solid business reason. That should be the real wake up call to the UK here.

So, when will IPv6 really take off? Answer: It already has!

Having been looking at IPv6 penetration stats over the past few years may suggest that its all still a way off. However, look again and see that growth is exponential. It doesn't have to double too many more times to become dominant.

That day is quite close now.

If you are a large network and you are not ready for IPv6 you may not survive.

Posted by
MrToast about 1 year ago
IPv6 will be a step forward in security since there will no longer be the opportunity for the false impression that masquerading behind a PAT makes you safe.

Engineered properly IPv6 will be better than IPv4 which was only ever intended for a temporary period. Its was just too easy to carry on modifying it that it never got retired when IPv6 came out.

Posted by
PWilkin about 1 year ago
I suspect this could end up the same way BT did, with Sky using Carrier Grade NAT rather than rolling out IPv6

I'm not sure most Sky home routers could cope with IPv6, and that would be the limiting factor to deploy it

Posted by
AndrueC about 1 year ago
"Engineered properly IPv6 will be better than IPv4"

Posted by
andrew ( staff member)
about 1 year ago
And if the UK is so far behind all these router issues should not exist as fixed for the countries a long way ahead :-)

Or is the UK not behind the curve.

Posted by
MrToast about 1 year ago
The security issues posted by @AndrueC are not IPv6 issues. Whilst the articles cite 'popular brands' I didn't see Thomson/Technicolor listed (for one). They must supply many 10s of millions mostly via ISPs.

I'm not being complacent but I wonder why they weren't investigated in the study referred to in the SOHOpless piece?